2022-05-04 | Mandiant | Brandan Schondorfer, Nader Zaveri, Tyler McLellan, Jennifer Brito
@online{schondorfer:20220504:old:47943c4,
  author       = {Brandan Schondorfer and Nader Zaveri and Tyler McLellan and Jennifer Brito},
  title        = {{Old Services, New Tricks: Cloud Metadata Abuse by UNC2903}},
  date         = {2022-05-04},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903},
  language     = {English},
  urldate      = {2022-05-05},
}
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO
2022-05-02 | Mandiant | Doug Bienstock, Melissa Derr, Josh Madeley, Tyler McLellan, Chris Gardner
@online{bienstock:20220502:unc3524:5948892,
  author       = {Doug Bienstock and Melissa Derr and Josh Madeley and Tyler McLellan and Chris Gardner},
  title        = {{UNC3524: Eye Spy on Your Email}},
  date         = {2022-05-02},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/unc3524-eye-spy-email},
  language     = {English},
  urldate      = {2022-05-03},
}
UNC3524: Eye Spy on Your Email
QUIETEXIT UNC3524
2022-04-28 | Mandiant | John Wolfram, Sarah Hawley, Tyler McLellan, Nick Simonian, Anders Vejlby
@online{wolfram:20220428:trello:dab21ca,
  author       = {John Wolfram and Sarah Hawley and Tyler McLellan and Nick Simonian and Anders Vejlby},
  title        = {{Trello From the Other Side: Tracking APT29 Phishing Campaigns}},
  date         = {2022-04-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns},
  language     = {English},
  urldate      = {2022-04-29},
}
Trello From the Other Side: Tracking APT29 Phishing Campaigns
Cobalt Strike
2022-02-23 | Mandiant | Tyler McLellan, Joshua Shilko, Shambavi Sadayappan
@online{mclellan:20220223:exchange:9b09c31,
  author       = {Tyler McLellan and Joshua Shilko and Shambavi Sadayappan},
  title        = {{(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware}},
  date         = {2022-02-23},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/unc2596-cuba-ransomware},
  language     = {English},
  urldate      = {2022-02-26},
}
(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
Cuba
2021-11-29 | Mandiant | Tyler McLellan, Brandan Schondorfer
@online{mclellan:20211129:kittengif:efb8036,
  author       = {Tyler McLellan and Brandan Schondorfer},
  title        = {{Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again}},
  date         = {2021-11-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/sabbath-ransomware-affiliate},
  language     = {English},
  urldate      = {2021-11-30},
}
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again
Cobalt Strike
2021-11-21 | Twitter (@tylabs) | Tyler McLellan, Twitter (@ffforward)
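% The second author is an account handle rather than a personal name; the extra
% brace pair makes BibTeX treat it as one literal name instead of splitting it
% into first/last name parts.
@online{mclellan:20211121:twitter:018d4b1,
  author       = {Tyler McLellan and {Twitter (@ffforward)}},
  title        = {{Twitter Thread about UNC1500 phishing using QAKBOT}},
  date         = {2021-11-21},
  organization = {Twitter (@tylabs)},
  url          = {https://twitter.com/tylabs/status/1462195377277476871},
  language     = {English},
  urldate      = {2021-11-29},
}
Twitter Thread about UNC1500 phishing using QAKBOT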
QakBot
2021-06-16 | FireEye | Tyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson
% NOTE(review): same title and date as mclellan:20210616:smoking:a03a78c, which
% points at a Mandiant URL and lists one additional author; possibly the same
% report listed twice, so confirm before citing both.
@online{mclellan:20210616:smoking:fa6559d,
  author       = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson},
  title        = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}},
  date         = {2021-06-16},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html},
  language     = {English},
  urldate      = {2021-12-01},
}
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-06-16 | Mandiant | Tyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson, Jordan Nuce
% NOTE(review): same title and date as mclellan:20210616:smoking:fa6559d, which
% points at a FireEye URL and lists one fewer author; possibly the same report
% listed twice, so confirm before citing both.
@online{mclellan:20210616:smoking:a03a78c,
  author       = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson and Jordan Nuce},
  title        = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}},
  date         = {2021-06-16},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/darkside-affiliate-supply-chain-software-compromise},
  language     = {English},
  urldate      = {2021-12-01},
}
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-04-29 | FireEye | Tyler McLellan, Justin Moore, Raymond Leong
@online{mclellan:20210429:unc2447:2ad0d96,
  author       = {Tyler McLellan and Justin Moore and Raymond Leong},
  title        = {{UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat}},
  date         = {2021-04-29},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html},
  language     = {English},
  urldate      = {2022-03-07},
}
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Cobalt Strike FiveHands HelloKitty